Wed, 28 Sep 2011

I'm encountering a routing problem on one of my Linux machines, for which
I haven't found a solution so far. I have a machine which has several
network interfaces in different networks (it's our monitoring system). So I
have eth0 with 192.168.1.2 and eth1 with
10.0.0.2, and a DNS entry pointing from myname to
192.168.1.2.

Problems occur if hosts in the 10.x.x.x network try to access the host.
Accessing it via its IP address in that network works; however, if they try
to access it via its other IP address 192.168.1.2 (e.g. because
they resolve it via DNS), it leads to some problems:

The hosts send their packets to that IP address (which works); however,
when my machine sends the answer, it takes a shortcut and sends them
directly via eth1 and with 10.0.0.2 as source IP. This
however gets filtered by a (stateful) firewall somewhere in between, as
packets sent to 192.168.1.2 are suddenly answered by 10.0.0.2.

So far I found two solutions: adjust the DNS to resolve to different IPs
depending on the source of the request (ugly), or tell all firewalls to
always let packets from my host pass despite the changed source IP (also
ugly, and probably quite some work).

Is there anything else I can do? What I would really like would be a
way to tell my Linux box to always respond with the IP it was talked to,
even if there would be a shorter way to the origin according to the routing
table. So, if a host 10.0.0.42 contacts my host via the IP 192.168.1.2,
the answer packet should come from 192.168.1.2 via eth0, instead of
having its source IP set to 10.0.0.2 and being sent via
eth1. Is that somehow possible?
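One way to get the behaviour described above is iproute2 policy routing: a per-interface routing table plus a rule that selects it by *source* address, so a reply sourced from 192.168.1.2 leaves via eth0 even though the main table would send it out eth1. This is an added example, not part of the original post; the addresses are the post's, while the gateways (192.168.1.1, 10.0.0.1) and table ids (100, 101) are assumed placeholders, and it assumes the reply keeps the address it was contacted on as its source (as established TCP connections and sockets bound to that address do).

```shell
#!/bin/sh
# Policy routing for a multi-homed host: packets sourced from 192.168.1.2
# leave via eth0, packets sourced from 10.0.0.2 via eth1, regardless of
# which interface the main routing table would otherwise prefer.
# Addresses match the post; gateways and table ids are placeholders.

ETH0_ADDR=192.168.1.2; ETH0_GW=192.168.1.1; ETH0_TABLE=100   # gateway assumed
ETH1_ADDR=10.0.0.2;    ETH1_GW=10.0.0.1;    ETH1_TABLE=101   # gateway assumed

# Emit the iproute2 commands for one interface: a dedicated routing table
# holding only that interface's default route, plus a rule that sends
# packets *sourced* from the interface's address to that table.
policy_routing_cmds() {
    # $1 interface, $2 local address, $3 gateway, $4 table id
    printf 'ip route add default via %s dev %s table %s\n' "$3" "$1" "$4"
    printf 'ip rule add from %s lookup %s\n' "$2" "$4"
}

# Run the generated commands (needs root; the main table is left untouched,
# so locally connected networks still work as before).
apply_policy_routing() {
    policy_routing_cmds "$@" | while IFS= read -r cmd; do $cmd; done
}

# Ask the kernel which interface a packet sourced from $1 to $2 would use,
# so the change can be verified without waiting for the firewall to drop it.
check_reply_path() {
    ip route get "$2" from "$1"
}

if [ "${1:-}" = "apply" ]; then
    apply_policy_routing eth0 "$ETH0_ADDR" "$ETH0_GW" "$ETH0_TABLE"
    apply_policy_routing eth1 "$ETH1_ADDR" "$ETH1_GW" "$ETH1_TABLE"
    check_reply_path "$ETH0_ADDR" 10.0.0.42   # should now report "dev eth0"
fi
```

Run with `apply` as root to install the rules; they are not persistent across reboots, so they belong in the interface's post-up hooks.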

About

Alexander Tolimar Reichle-Schmehl lives in Hildesheim / Germany. He's an official Debian Developer. Besides maintaining various packages, his main task is being spokesman and event organizer of the Debian project.